Thanks to patrickmcgraw comment I used 2-legged oauth authentificaton.
Here is some java code.
For client side (using Jersey api):
OAuthParameters params = new OAuthParameters().signatureMethod("HMAC-SHA1").
consumerKey("consumerKey").version("1.1");
OAuthSecrets secrets = new OAuthSecrets().consumerSecret("secretKey");
OAuthClientFilter filter = new OAuthClientFilter(client().getProviders(), params, secrets);
WebResource webResource = resource();
webResource.addFilter(filter);
String responseMsg = webResource.path("oauth").get(String.class);
On provider side:
@Path("oauth")
public class OAuthService {
@GET
@Produces("text/html")
public String secretService(@Context HttpContext httpContext) {
OAuthServerRequest request = new OAuthServerRequest(httpContext.getRequest());
OAuthParameters params = new OAuthParameters();
params.readRequest(request);
OAuthSecrets secrets = new OAuthSecrets().consumerSecret("secretKey");
try {
if(!OAuthSignature.verify(request, params, secrets))
return "false";
} catch (OAuthSignatureException ose) {
return "false";
}
return "OK";
}
}
Here is code for PHP client:
<?php
require_once 'oauth.php';
$key = 'consumerKey';
$secret = 'secretKey';
$consumer = new OAuthConsumer($key, $secret);
$api_endpoint = 'http://localhost:9998/oauth';
$sig_method = new OAuthSignatureMethod_HMAC_SHA1;
$parameters = null;
$req = OAuthRequest::from_consumer_and_token($consumer, null, "GET", $api_endpoint, $parameters);
$sig_method = new OAuthSignatureMethod_HMAC_SHA1();
$req->sign_request($sig_method, $consumer, null);//note: double entry of token
//get data using signed url
$ch = curl_init($req->to_url());
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$res = curl_exec($ch);
echo $res;
curl_close($ch);